Novelis obtains AFAQ ISO/IEC 27001 certification
Paris, May 02, 2022 – Novelis, an International technology company at the forefront of AI research, specializing in innovative architectures and operational efficiency of business processes, is going one step further in helping its clients ensure the security of their IT systems by being certified ISO 27001.
The AFAQ ISO/IEC 27001 certification demonstrates that Novelis has implemented an effective Information Security Management System (ISMS) built on the ISO 27001 international reference standard. This standard defines methods for identifying cyber threats, controlling the risks associated with organizations’ critical information and implementing appropriate safeguards to ensure the confidentiality, availability and integrity of information.
All of Novelis’ stakeholders can rest assured that they are working with a trusted partner that has a robust information security management system and has proven compliance with internationally recognized criteria.
This certification was issued by AFNOR, the leading certification body in France for ISO 27001 certification.
About AFAQ ISO/IEC 27001 certification
To ensure the security of their sensitive information, organizations can rely on the ISO/IEC 27000 family of standards.
ISO/IEC 27001 is the best-known standard in this family, which includes no less than a dozen standards. It specifies the requirements for information security management systems (ISMS). The implementation of the standards in this family by any type of organization facilitates the management of the security of sensitive assets such as financial data, intellectual property documents, personnel data or information entrusted by third parties. Learn more about the standards
Benefits of ISO 27001 certification (source AFNOR)
- Identify the threats and dangers to your information system
- Mobilize your teams around a common project
- Improve your practices to secure your information system
- Control the costs related to cybersecurity
- To perpetuate your activity
- Increase your clients’ confidence and meet their security requirements
Today, the ISO 27001 standard is the worldwide reference for Information Security Management Systems. It concerns all organizations, whatever their size, as soon as they manage critical data for themselves or for third parties.
ISO 27001 defines all the standards and good practices to be respected in order to maximize the security of information systems in terms of IT infrastructure, software and employees.
You want to get ISO 270001 certification? Novelis can help you with your due diligence
Novelis offers its customers a complete audit in accordance with the ISO 27001 standard. Covering all the chapters of the standard such as :
- Information security policies
- Information security organization
- Human resources security
- Access control
- Physical and environmental security
- Operational security
- Communications security
- Acquisition, development and maintenance of information systems
- Information security incident management
- Information security aspects of business continuity management
Going Further: Novelis Helps You Secure Your Organization and Systems
Novelis offers its cybersecurity expertise in a pragmatic approach, integrating both the dimension related to the analysis of the current situation (penetration tests, audit, identification of internal and external threats…) but also on a long-term support in terms of governance, processes and best practices to protect against cyber-attacks and establish a cyber-resilience mechanism.
Created in 2017, Novelis is a hybrid structure halfway between startup, consulting firm, publisher and service company. At Novelis, innovation is reflected in daily investments, both in disruptive technologies and in the work carried out in their internal R&D Lab. The latter is financed by their service activities up to 1/4 of the revenue.
The company currently employs around 100 people and has an international presence, supporting some 60 clients in their business challenges.
[Webinar] Cybersecurity: how to gain efficiency through automation?
Against the backdrop of the economic slowdown, cybersecurity is on the rise! Gartner forecasts an increase in cybersecurity spending of 11.3% in 2023 (vs. an increase of 7.2% in 2022). It must be said that the pace of cyber attacks has never been more intense (+400% since the beginning of the health crisis) and in France, more than one out of two companies reported having suffered between 1 and 3 successful cyber attacks with repercussions for the victims during 2021 (CESIN-OpinionWay survey). The impact and virulence of attacks are constantly increasing and all companies, from the very small to the multinational, have had to massively review their security systems.
While organizations no longer need to be convinced of the need to invest in protecting themselves against cyber risks, many of them are faced with a shortage of expert resources in the field to take charge of these issues. Faced with this situation, one of the major challenges for CISOs is to make their teams more efficient and effective or to find “how to do more and better with less”.
During its next webinar dedicated to cyber, Novelis invites you to discover how automation can become an essential operational efficiency lever for your cyber teams. Join us on November 3rd at 11:30am.
The daily life of cyber teams is full of tasks with high potential for automation, predictable, processable and repeatable, such as simple configuration changes, software installations or updates, service restarts, log management, penetration tests…
Automating cyber processes allows organizations to increase reliability and security:
- Minimize the biggest vulnerability in cybersecurity: human error by ending manual, repetitive tasks.
- Reduce time-consuming manual activities for a better use of resources redeployed on higher value-added activities
- Reduce threat detection and response time with 24/7 monitoring. Improving the security coverage of the infrastructure
In this final webinar of our series on cybersecurity, we will see how to strengthen security and gain efficiency thanks to automation with many detailed use cases in illustration.
This session will be hosted by Oussama Hamdi, Cyber Security Consultant & Auditor at Novelis and Georges Abou Haidar, Solutions Architect and Product Owner of SmartRoby at Novelis.
[Webinar] Which system should I implement to secure my organization?
The information system has become the nerve center of a large number of organizations and securing it is no longer an option in the face of the resurgence of cyber threats. In France, 9 out of 10 companies have already been affected by an act of cyber maliciousness and 43% of them are SMEs. However, only 17% of SMEs are protected against cyber attacks… The stakes and risks involved are numerous and can have irreversible consequences for organizations:
- Financial risks: Loss of turnover, cessation of activity, fines, technical or legal costs, increase in insurance premiums ….
- Image: Deterioration of the brand image, loss of notoriety, loss of confidence from customers, partners and suppliers.
- Human : Stress of the teams, trauma or burn-out, immense stress, technical unemployment, redundancy plans…
- Immaterial: Loss of intellectual property, theft of R&D or customers, loss of a competitive advantage…
This was the case for a health insurance company that was hacked and had personal data stolen: it revealed huge financial repercussions up to 5 years after the attack, due to the absence of new contracts.
As you can see, the implementation of a cybersecurity strategy has become a priority for all organizations, regardless of their size! But where to start? What strategy to adopt? What skills are needed? What is the budget? How to ensure a sustainable security of its IS?
Protecting yourself from cyber risks is not always synonymous with significant costs and simple actions can already significantly reduce your exposure.
During this webinar, you will discover :
- A step-by-step cyber security approach
- IS: what needs to be protected first
- A concrete example of a step-by-step approach to IS security
This session will be led by our expert Oussama Hamdi, Cyber Security Consultant & Auditor at Novelis.
This webinar is the 2nd episode of our series of webinars dedicated to cybersecurity. To see the replay of episode 1, see our dedicated page.
[Webinar] How to assess and protect yourself from cyber risks?
2021 has been an unprecedented year in terms of cyberattacks, as evidenced by SolarWinds or more recently the Log4j flaw which as a reminder could have a massive impact on a third of the servers in the world (including those of large companies like Microsoft, Apple’s iCloud, Amazon…). This type of attack can have a global impact and may have affected you even without you realizing it.
Today, digitization and digital transformation have led to new IT security vulnerabilities and cyber risks have never been stronger.
Because of this increase in attacks, cybersecurity in 2022 will continue to be a major business area requiring companies to think about their needs and how they manage their security systems.
A very recent example shows us the importance of protecting our information and communication systems more intensively:
On May 16, 2022, Costa Rica’s president declared that he was “at war” with the Conti cybercrime group, threatening to overthrow the government. The group’ s attack has disabled Costa Rican government agencies since April, preventing it from collecting taxes and salaries for some employees. It also allowed cybercriminals to access critical systems in the country’s Ministry of Finance. The attackers demanded a ransom of $20 million (read more).
This type of attack shows the great capacity of ransomware groups, such as Conti, to operate on any scale, including nation-states! Thus causing national crises.
Cyber attacks can therefore also target all sizes of companies and all sectors: whether you are a major player in the financial sector, a small business in the service sector or even a small retailer, you can be targeted by hackers.
Cybersecurity professionals have an essential role to play because cybersecurity has become an absolute necessity for all companies wishing to ensure the sustainability of their activities.
We propose you to decipher the risks and the first steps necessary to protect your organization and your systems.
During this webinar, you will discover
- Potential vulnerabilities, their evolution and associated risks
- How can you best protect your business against cyber threats?
- How can risks be mitigated and what measures should be taken?